#!/usr/bin/env bash
##
##  This script prepares the Vault context and required tooling
##  for the package pipelines.
##
##  NOTE: *_SECRET or *_TOKEN env variables are masked, hence if you'd like to avoid any
##        surprises please use the suffix _SECRET or _TOKEN for those values that contain
##        any sensitive data. Buildkite can mask those values automatically
##

set -eo pipefail

# Upload should not do much with the pre-command.
if [[ "$BUILDKITE_COMMAND" =~ .*"upload".* ]]; then
  echo "Skipped pre-command when running the Upload pipeline"
  exit 0
fi

# shellcheck disable=SC1091
source .buildkite/scripts/utils.sh

get_os_details() {
    case $(uname | tr '[:upper:]' '[:lower:]') in
    linux*)
        export OS_NAME=linux
        ;;
    darwin*)
        export OS_NAME=osx
        ;;
    msys*)
        export OS_NAME=windows
        ;;
    *)
        export OS_NAME=notset
        ;;
    esac
    case $(uname -m | tr '[:upper:]' '[:lower:]') in
    aarch64*)
        export OS_ARCH=arm64
        ;;
    arm64*)
        export OS_ARCH=arm64
        ;;
    amd64*)
        export OS_ARCH=amd64
        ;;
    x86_64*)
        export OS_ARCH=amd64
        ;;
    *)
        export OS_ARCH=notset
        ;;
    esac
}

if command -v docker &>/dev/null; then
    echo "--- Prepare Elastic docker context :docker:"
    DOCKER_REGISTRY_SECRET_PATH="kv/ci-shared/observability-ci/docker-elastic-observability"
    DOCKER_USERNAME_SECRET=$(retry 5 vault kv get -field username "${DOCKER_REGISTRY_SECRET_PATH}")
    DOCKER_PASSWORD_SECRET=$(retry 5 vault kv get -field password "${DOCKER_REGISTRY_SECRET_PATH}")
    DOCKER_REGISTRY_SECRET=$(retry 5 vault kv get -field registry "${DOCKER_REGISTRY_SECRET_PATH}")
    retry 4 docker login -u "${DOCKER_USERNAME_SECRET}" -p "${DOCKER_PASSWORD_SECRET}" "${DOCKER_REGISTRY_SECRET}"
    unset DOCKER_USERNAME_SECRET DOCKER_PASSWORD_SECRET
    export DOCKER_REGISTRY_SECRET
    retry 4 docker pull --quiet docker.elastic.co/infra/release-manager:latest

    echo "--- Prepare dockerhub context :docker:"
    DOCKER_REGISTRY_SECRET_PATH="kv/ci-shared/observability-ci/docker-hub-observability"
    DOCKER_USERNAME_SECRET=$(retry 5 vault kv get -field username "${DOCKER_REGISTRY_SECRET_PATH}")
    DOCKER_PASSWORD_SECRET=$(retry 5 vault kv get -field password "${DOCKER_REGISTRY_SECRET_PATH}")
    DOCKERHUB_REGISTRY_SECRET=$(retry 5 vault kv get -field registry "${DOCKER_REGISTRY_SECRET_PATH}")
    retry 4 docker login -u "${DOCKER_USERNAME_SECRET}" -p "${DOCKER_PASSWORD_SECRET}" "${DOCKERHUB_REGISTRY_SECRET}"
    unset DOCKER_USERNAME_SECRET DOCKER_PASSWORD_SECRET
fi

echo "--- Setting up the :github: environment..."
# release.mk uses gh cli to know the current release tag. release.mk is used by the root Makefile
# regardless is explicitly used, so it's loaded with the include directive.
# this will avoid printing warnings about the missing gh cli configurations
# VAULT_GITHUB_TOKEN is a primitive env variable created by the Buildkite automation.
GH_TOKEN="${VAULT_GITHUB_TOKEN}"
export GH_TOKEN

echo "--- Setting up the :golang: environment..."
GO_VERSION=$(grep '^go' go.mod | cut -d' ' -f2)
WORKSPACE=$(git rev-parse --show-toplevel)
export GO_VERSION WORKSPACE
get_os_details
retry 5 curl -sL -o ${WORKSPACE}/gvm "https://github.com/andrewkroh/gvm/releases/download/v0.6.0/gvm-${OS_NAME}-${OS_ARCH}"
chmod +x ${WORKSPACE}/gvm
eval "$(${WORKSPACE}/gvm $GO_VERSION)"
echo "Golang version:"
go version
GOPATH=$(command go env GOPATH)
PATH="${PATH}:$GOPATH:$GOPATH/bin"
export PATH

echo "--- Prepare vault context :vault:"
CI_DRA_ROLE_PATH="kv/ci-shared/release/dra-role"
DRA_CREDS_SECRET=$(retry 5 vault kv get -field=data -format=json ${CI_DRA_ROLE_PATH})
VAULT_ADDR_SECRET=$(echo ${DRA_CREDS_SECRET} | jq -r '.vault_addr')
VAULT_ROLE_ID_SECRET=$(echo ${DRA_CREDS_SECRET} | jq -r '.role_id')
VAULT_SECRET=$(echo ${DRA_CREDS_SECRET} | jq -r '.secret_id')
export VAULT_ADDR_SECRET VAULT_ROLE_ID_SECRET VAULT_SECRET
